
This Week in Cybersecurity: Looking Back at Week 35

August 30, 2024

Fota Wildlife Park in Cork hit by cyberattack

Fota Wildlife Park in Cork recently experienced a cyberattack that may have compromised the financial information of customers who made transactions on its website between May 12, 2024, and August 27, 2024.

In an email to customers, the park advised those affected to cancel any credit or debit cards used during that period and to review their bank and credit card statements for any suspicious activity. The park became aware of unauthorised activity on its website and promptly initiated an investigation with the help of external forensic cybersecurity experts.

Fota has since removed all access to user accounts on the website and is strongly urging customers to change their passwords, especially if the same password is used for other accounts.

Despite the breach, Fota Wildlife Park remains open to visitors, with tickets available for purchase at the park. The park is currently reaching out to all potentially affected customers while its website remains offline as a precaution.


Users in Ireland targeted in WhatsApp verification code scam

The National Cyber Security Centre (NCSC) has reported a growing trend of “WhatsApp Verification Code Scams” targeting users in Ireland. This scam involves cybercriminals obtaining a victim’s phone number and initiating a WhatsApp login attempt, prompting the app to send a verification code to the victim.

The scammer, impersonating a friend or family member, urgently requests the victim to share this code. If the victim complies, the scammer gains full access to their WhatsApp account, potentially locking them out and using the compromised account to further deceive others.

To protect yourself, never share your WhatsApp verification code, enable two-step verification, be cautious of urgent requests, and report any suspicious activity to WhatsApp.


Critical vulnerability in WPML plugin puts over one million WordPress sites at risk

A critical vulnerability in the WPML (WordPress Multilingual) plugin, tracked as CVE-2024-6386 with a CVSS score of 9.9, could expose over one million WordPress websites to remote code execution (RCE) attacks.

The flaw, which was discovered by a security researcher, can be exploited by users with contributor-level permissions due to improper sanitisation of input in Twig templates used for shortcode content rendering, leading to server-side template injection (SSTI). The vulnerability was disclosed with a proof-of-concept (PoC) demonstrating how it could be exploited to execute malicious code and potentially compromise entire websites.

WPML version 4.6.13, released on August 20, addresses this issue. Because exploit code is publicly available, users are strongly advised to update their installations immediately.


Uber fined €290 million by Dutch DPA for GDPR violations in data transfers

The Dutch Data Protection Authority (DPA) has fined Uber €290 million ($324 million) for allegedly violating the General Data Protection Regulation (GDPR) by improperly transferring the personal data of European taxi drivers to the United States.

The fine was imposed after the Dutch DPA, in collaboration with the French DPA, determined that Uber had transferred sensitive information—such as account details, location data, payment information, and even criminal and medical records—without adequate safeguards, especially after the invalidation of the EU-US Privacy Shield in 2020.

Aleid Wolfsen, chairman of the Dutch DPA, criticised Uber for failing to adhere to GDPR requirements, labelling the violation as “very serious.” Uber maintains that its data transfer practices comply with European law and plans to appeal the decision, calling the fine “completely unjustified.” This marks the third penalty imposed by the Dutch DPA on Uber, following fines in 2018 and 2023.


Critical SSRF vulnerability in Microsoft Copilot Studio exposed sensitive internal data

A serious server-side request forgery (SSRF) vulnerability in Microsoft’s Copilot Studio, tracked as CVE-2024-38206, posed a significant threat to the firm’s internal infrastructure by potentially exposing sensitive data.

Researchers from Tenable discovered that the vulnerability allowed users to send HTTP requests as prompts, which they exploited to bypass SSRF protections. By modifying request headers and leveraging the Instance Metadata Service (IMDS) and Cosmos DB, they were able to retrieve sensitive instance metadata and identity access tokens. This access enabled them to gain unauthorised read/write access to internal Cosmos DB instances, exposing internal endpoints.

Rated with a critical severity of 8.5 on the CVSS scale, the vulnerability was swiftly addressed by Microsoft following Tenable’s report. Microsoft has patched the issue and confirmed full mitigation, with no additional user action required.
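The IMDS angle in this report is why an outbound-fetch feature has to validate the address it will actually connect to, not the URL text a user typed. The following is an added example of such a destination check, written for this article and not code from Tenable or Microsoft; the hostnames, the FAKE_DNS table and fake_resolver are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Destinations a "fetch this URL" feature must never reach. 169.254.0.0/16 is
# link-local and holds the cloud Instance Metadata Service (IMDS) endpoint,
# the kind of target reached in the Copilot Studio report; the others are
# loopback, RFC 1918 and shared-address ranges plus their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def is_blocked_ip(addr: str) -> bool:
    """True if addr is in a blocked range; IPv4-mapped IPv6 forms such as
    ::ffff:169.254.169.254 are unwrapped first so they cannot slip past."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url: str, resolver=socket.getaddrinfo):
    """Decide whether a user-supplied URL may be fetched; returns (allowed, reason).
    The decision is made on the resolved addresses, not the hostname text, and
    must be repeated for every redirect target before following it."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    if not parsed.hostname:
        return False, "missing host"
    try:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
        infos = resolver(parsed.hostname, port, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, ValueError) as exc:
        return False, f"resolution failed: {exc}"
    addrs = sorted({info[4][0] for info in infos})
    blocked = [a for a in addrs if is_blocked_ip(a)]
    if blocked:
        return False, f"{parsed.hostname} resolves to blocked address {blocked[0]}"
    return True, f"{parsed.hostname} -> {addrs}"


# Constructed, offline stand-in for DNS (TEST-NET-3 documentation addresses).
FAKE_DNS = {"api.example.com": ["203.0.113.10"],
            "rebind.example.net": ["203.0.113.20", "169.254.169.254"]}


def fake_resolver(host, port, proto=0):
    addrs = FAKE_DNS.get(host) or [str(ipaddress.ip_address(host))]  # IP literals
    return [(None, None, proto, "", (a, port)) for a in addrs]
```

The rebind.example.net entry shows why every resolved address is checked: a name that returns one public and one link-local record is still refused.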


Google Chrome vulnerability CVE-2024-7965 actively exploited

Google has disclosed that a recently patched vulnerability in its Chrome browser, CVE-2024-7965, is being actively exploited in the wild. The flaw, an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, could allow remote attackers to exploit heap corruption through a crafted HTML page.

Discovered and reported by a security researcher known as TheDog, the vulnerability has prompted Google to issue a security update for Chrome (version 128.0.6613.84/.85) across all platforms.

Although the specifics of the ongoing exploitation and threat actors remain unclear, users are strongly advised to update their browsers immediately to protect against potential attacks.

This marks the ninth zero-day vulnerability addressed by Google in Chrome in 2024, underscoring the importance of staying current with software updates to ensure browser security.


Critical vulnerability in Linux Kernel exploited in the wild

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-0185, a critical heap-based buffer overflow vulnerability in the Linux kernel, to its Known Exploited Vulnerabilities Catalog.

This vulnerability, located in the legacy_parse_param function of the Linux kernel’s Filesystem Context functionality, enables local attackers to escalate privileges, posing a significant security risk. The flaw, particularly concerning in environments with unprivileged user namespaces, has been actively exploited in the wild, emphasising the need for immediate remediation.

Organisations are urged to apply the latest Linux kernel security patches, restrict unprivileged user capabilities, and employ kernel hardening techniques to mitigate the risk.


Warning issued over Mirai Cryptominer Botnet exploiting zero-day vulnerability in CCTV cameras

Industrial control systems and critical infrastructure operators are being alerted to a new cyber threat involving Mirai cryptominer botnets that exploit a zero-day vulnerability in AVTECH CCTV cameras.

Researchers at Akamai have identified that the Mirai botnet campaign is targeting a command injection vulnerability, tracked as CVE-2024-7029, in these cameras. Although the affected models are discontinued, they remain widely used in critical sectors such as commercial facilities, financial services, and healthcare. With no patch available, Akamai advises replacing the affected devices to mitigate the risk.

The Cybersecurity and Infrastructure Security Agency (CISA) had previously highlighted the risk of these cameras in an advisory on August 1, underscoring the danger of vulnerabilities that may be exploited before formal CVE assignment.


Cyber-attack on Norfolk poultry factory exposes sensitive employee data

Banham Poultry, a poultry factory based in Norfolk, has suffered a cyber-attack resulting in the theft of sensitive employee data, including National Insurance numbers, passport copies, and bank details.

The breach occurred in the early hours of August 18, when attackers remotely accessed the company’s systems. Although Banham Poultry has not confirmed if ransomware was involved in the attack, the incident has been reported to the Information Commissioner’s Office.

The company has since implemented “additional security” measures to prevent further breaches and protect employee data.


Former IT engineer arrested for failed ransomware extortion attempt

A former core infrastructure engineer from Somerset County, New Jersey, was arrested on August 27 for allegedly attempting to extort his employer by locking Windows administrators out of 254 servers.

According to court documents, 57-year-old Daniel Rhyne, who worked for the company until November 2023, sent a ransom email on November 25 demanding €700,000 (about $750,000) in Bitcoin.

The email claimed that IT administrators had been locked out and server backups deleted, threatening to shut down 40 servers daily unless the ransom was paid. Rhyne had previously accessed the company’s systems without authorisation, changing passwords and scheduling tasks to disrupt operations.

His plot was uncovered through web searches he made related to his attack, leading to his arrest in Missouri. Facing charges of extortion, intentional computer damage, and wire fraud, Rhyne could face up to 35 years in prison and a $750,000 fine.


Chinese state-linked hackers exploit zero-day vulnerability in US ISPs

Malicious hackers, likely working on behalf of the Chinese government, have been exploiting a high-severity zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director—a virtualisation platform used by ISPs and managed service providers to manage complex network infrastructures.

The vulnerability, an unsanitised file upload flaw, allows attackers to inject malicious Java files and gain remote administrative control via a custom web shell named “VersaMem.” This exploit has been used to infect at least four U.S.-based ISPs with malware designed to steal credentials from downstream customers.

The attacks, ongoing since at least June 12, 2024, involve capturing credentials before they are encrypted, enabling further compromise of ISP customers. Despite Versa releasing a patch for all versions of Versa Director prior to 22.1.4, the threat actors have managed to maintain a foothold by exploiting exposed management ports, such as port 4566, used for high-availability node pairing.

Security firm Lumen’s Black Lotus Labs, which discovered the campaign, has deemed it highly significant due to the vulnerability’s severity, the sophistication of the attackers, and the critical role Versa Director servers play in network management. Affected organisations are urged to apply the patch immediately and follow strict firewall guidelines to prevent unauthorised access.


If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇.
